How To log BotDetect ASP.NET 1.1 CAPTCHA validation attempts (BotDetect v2.0)
Please Note
The information on this page is out of date and applies to a deprecated version of BotDetect™ CAPTCHA (v2.0).
An up-to-date equivalent page for the latest BotDetect Captcha release (v3) is BotDetect v3 ASP.NET Captcha How To guides.
General information about the major improvements in the current BotDetect release can be found at the What's New in BotDetect v3.0 page.
Since version 2.0.14, BotDetect ASP.NET CAPTCHA extends the built-in troubleshooting utility to also allow logging all Captcha validation attempts. This page describes how to use this functionality in your projects.
Table of Contents
- Log BotDetect CAPTCHA validation attempts to a text file
- Advanced logging configuration and log4net license
- BotDetect CAPTCHA validation log format
- BotDetect CAPTCHA validation log example
Log BotDetect CAPTCHA validation attempts to a text file
Please Note
Logging all Captcha validation attempts should only be turned on for limited periods of time, during troubleshooting and debugging.
To provide all data required to properly diagnose Captcha validation problems, the Troubleshooting utility generates about 2kB of data per single Captcha validation attempt.
Captcha validation logging should not be left on for longer periods of time on production servers, since it will quickly generate very large log files.
Step-by-step Instructions
- Find the Troubleshooting sub-folder in your BotDetect ASP.NET CAPTCHA installation folder (C:\Program Files\Lanapsoft\BotDetect 2.0 CAPTCHA\ASP.NET 1.1\Assembly\Troubleshooting by default)
- Copy the Lanap.BotDetect.Troubleshooting.dll and log4net.dll files to your application's Bin folder
Create a text file called debug.txt in the same folder your application's web.config file is in, and make sure the appropriate IIS user account has Modify permissions for it.
Which user account is used depends on the IIS version you are running and your IIS configuration. By default, you will use:
- IIS 5.0 or 5.1: ASPNET
- IIS 6.0 or 7.0: NETWORK SERVICE
- IIS 7.5: the ApplicationPoolIdentity user account for your application's AppPool
You can set the required permissions from the command line by running:
cacls debug.txt /G "ASPNET":C /E /C cacls debug.txt /G "NETWORK SERVICE":C /E /C cacls debug.txt /G "IIS AppPool\TODO:AppicationPoolName":C /E /C
- Add the following lines at the top of the <configuration> section in your application's web.config file:
<configSections> <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" /> </configSections> <log4net> <!-- Debug info is logged to a 'debug.txt' file --> <appender name="DebugFileAppender" type="log4net.Appender.FileAppender"> <file value="debug.txt" /> <appendToFile value="true" /> <lockingModel type="log4net.Appender.FileAppender+MinimalLock" /> <layout type="log4net.Layout.PatternLayout,log4net"> <conversionPattern value="%date [%thread] %type - %n%n%message%n%n" /> </layout> </appender> <!-- Debug logging is enabled, comment-out to disable --> <logger name="DebugLogger"> <level value="DEBUG" /> <appender-ref ref="DebugFileAppender" /> </logger> </log4net>This will register a custom log4net configuration section with all the necessary log4net settings.
- Add the following lines at the top of the <system.web> section, just above the <httpHandlers> element:
<httpModules> <add type=" Lanap.BotDetect.Troubleshooting.LoggingModule, Lanap.BotDetect.Troubleshooting" name="LoggingModule" /> </httpModules>This will register the error tracking HttpModule.
Explanation
The Lanap.BotDetect.Troubleshooting.dll assembly contains a special HttpModule (called LoggingModule), which also handles the Captcha.PreValidateCaptcha and Captcha.PostValidateCaptcha events and passes the data to loggers defined in the log4net configuration section.
Sample Project
The approach described in the previous section is implemented in the troubleshooting sample shipped with BotDetect, so you can check it's (C# or VB.NET) source code for further details and web.config file examples.
Advanced logging configuration and log4net license
Since the LoggingModule uses the open source log4net logger (http://logging.apache.org/log4net/), you can customize the exact method of logging to best suit your specific needs: you can write logs to a text file, or a database, the console etc.
There is a plethora of different options and settings you can use, and we encourage you to learn more about them in the log4net manual at http://logging.apache.org/log4net/release/manual/introduction.html.
The log4net license can be can be found at http://logging.apache.org/log4net/license.html, as well as in the Assembly\Troubleshooting sub-folder of your BotDetect ASP.NET CAPTCHA installation folder (log4net license.txt and log4net notice.txt files, as per the terms of use).
BotDetect CAPTCHA validation log format
Each Captcha validation log contains the following information:
- The date and time when the event occurred, and the type of event handled
- Client IP address, cookies and user agent
- Event arguments, with validation event data such as user input and Captcha validation result
The Session state contents relevant to BotDetect CAPTCHA functionality:
- the Session ID
- values of all Session State keys generated by BotDetect
- the collection of codes active for the current Session
- time of generation, contents and usage tracking of each active code
BotDetect CAPTCHA validation log example
2009-09-05 16:42:48,343 [5304] Lanap.BotDetect.Troubleshooting.DebugLogger - PreValidateCaptcha, CLIENT IP 127.0.0.1 COOKIES ASP.NET_SessionId: fh3nfi55mvegjz45idqmktzf BROWSER Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729) , PreValidateCaptchaEventArgs USER INPUT: ASDASD CAPTCHA ID: default_samplecaptcha VALIDATING INSTANCE ID: c598856590de4914b2d368595522277c VALIDATION ORIGIN: Server , REQUEST LBD_VCT_default_samplecaptcha : c598856590de4914b2d368595522277c , SESSION ID : fh3nfi55mvegjz45idqmktzf LBD_CaptchaCodeCollection_default_samplecaptcha : CODE COLLECTION c598856590de4914b2d368595522277c : CAPTCHA CODE code : D9M4S generated at : 9/5/2009 4:42:41 PM image requested: True sound requested: False ----------------------------------------------------------------------- 2009-09-05 16:42:48,437 [5304] Lanap.BotDetect.Troubleshooting.DebugLogger - PostValidateCaptcha, CLIENT IP 127.0.0.1 COOKIES scroll: http://captcha.biz/demos/features/captcha-demo.aspx,0,0 ASP.NET_SessionId: fh3nfi55mvegjz45idqmktzf BROWSER Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729) , PostValidateCaptchaEventArgs USER INPUT: ASDASD CAPTCHA ID: default_samplecaptcha VALIDATING INSTANCE ID: c598856590de4914b2d368595522277c VALIDATION ORIGIN: Server VALIDATION RESULT: False , REQUEST LBD_VCT_default_samplecaptcha : c598856590de4914b2d368595522277c , SESSION ID : fh3nfi55mvegjz45idqmktzf LBD_CaptchaCodeCollection_default_samplecaptcha : CODE COLLECTION -----------------------------------------------------------------------
Please Note
The information on this page is out of date and applies to a deprecated version of BotDetect™ CAPTCHA (v2.0).
An up-to-date equivalent page for the latest BotDetect Captcha release (v3) is BotDetect v3 ASP.NET Captcha How To guides.
General information about the major improvements in the current BotDetect release can be found at the What's New in BotDetect v3.0 page.
Current BotDetect Versions
- BotDetect ASP.NET CAPTCHA v3.0.92011–11–21
- BotDetect ASP Classic CAPTCHA v3.0.92011–11–21
